ServiceNow REST Message 403 Forbidden with Genesys Cloud OAuth Client Credentials

Administration
1

Having a hard time configuring the outbound webhook authentication for our ServiceNow integration. The goal is to automate ticket creation from Genesys Cloud Architect flows using the Client Credentials grant type, but the ServiceNow instance is consistently rejecting the token request.

Background

We are migrating our digital channel integrations to use a dedicated Genesys Cloud OAuth client for server-to-server communication. The environment is Genesys Cloud (v2 API) and ServiceNow (Washington DC release). The timezone for all timestamps is Europe/London (UTC+0). I have created a new OAuth client in Genesys Cloud with the api:conversation:read and api:conversation:write scopes. The client ID and secret are stored in ServiceNow as encrypted properties within the REST Message definition.

Issue

When the Genesys Cloud Data Action triggers the webhook, ServiceNow attempts to fetch an access token from https://login.mypurecloud.com/v2/oauth2/token. The request returns a 403 Forbidden response with the following JSON body:

{
 "code": "forbidden",
 "message": "The application is not authorized to access this resource."
}

Troubleshooting

  1. Verified the Client ID and Secret in ServiceNow match the Genesys Cloud OAuth client settings exactly.
  2. Confirmed the grant_type is set to client_credentials in the ServiceNow REST Message body.
  3. Checked the Genesys Cloud admin console; the OAuth client is active and not disabled.
  4. Tested the endpoint using Postman with the same credentials, and it works perfectly, returning a valid JWT.
  5. Reviewed the ServiceNow REST Message logs. The headers include Content-Type: application/x-www-form-urlencoded and Authorization: Basic <base64-encoded-credentials>.

Is there a specific IP allowlist requirement for the Genesys Cloud token endpoint that blocks ServiceNow’s outbound proxy? Or is there a known issue with how ServiceNow encodes the Basic Auth header for this specific endpoint? I have checked the Genesys Cloud API documentation for any rate-limiting or scope restrictions, but nothing seems to apply to a simple token exchange.